SNI SSL? Configure Apache SSL virtual hosts with SNI to host multiple SSL certificates on one IP
In a previous article, we explored the question of whether SSL requires a dedicated IP address. We learned that, it is possible to host multiple SSL websites on a single IP address using a technology called Server Name Indication (SNI). With IP addresses becoming more expensive and scarce all the time, and SSL being all-but-mandatory due to privacy risks, this technology is an important way to keep website hosting costs down.
In this follow-up article, we will delve deeper into the topic of hosting multiple SSL websites on a single IP address using SNI. Specifically, we will discuss the steps involved in configuring Apache to use SNI. Although the configuration is relatively simple, we find that it helps to have examples so that you know you’re doing it correctly.
If you are a website administrator or web developer who needs to host multiple SSL websites on a single IP address, and you need to configure apache for this manually, this article is for you. We will provide you with the knowledge and tools you need to set up SNI on your own server and start hosting multiple SSL websites securely and efficiently. If you are using a control panel such as cPanel, manual configuration of Apache for this purpose will not be necessary.
Table of Contents
How to do it?
To configure Apache to use Server Name Indication (SNI) to host multiple SSL certificates on a single IP address, you will need to perform the following steps:
- Obtain SSL certificates for each of the websites you want to host. These certificates should be signed by a trusted certificate authority (CA) and should include the domain name of the website in the Common Name (CN) field of the certificate. Obtaining SSL certificates is outside of the scope of this article.
- Enable the mod_ssl module in Apache. On most systems, this can be done by including the following line in the Apache configuration file (usually called httpd.conf):
LoadModule ssl_module modules/mod_ssl.so
- For each website you want to host, create a virtual host in the Apache configuration file. The virtual host should specify the domain name of the website, the location of the SSL certificate and private key files, and any other necessary settings.
This main step is to add a virtualhost entry in httpd.conf for each ssl website. Here is an example virtual host configuration for a website using SNI:
ServerName example.com
SSLEngine on
SSLCertificateFile /path/to/example.com.crt
SSLCertificateKeyFile /path/to/example.com.key
# Other virtual host settings go here
- Restart Apache for the changes to take effect.
That’s it!
You should now be able to access each of the websites you have configured using SNI using a web browser.
Note that SNI, first standardized in 2003, is supported by most modern web browsers, but may not be supported by very old browsers or certain niche devices. If you need to support clients that do not support SNI, you will need to use a separate IP address for each SSL-enabled website.
Do you love servers?
We do! If you’re looking to optimize your server’s configuration, IOFLOOD can help. Our dedicated servers offer a range of solutions to fit your needs, and our team of experts is always available to answer questions you might have about your server.
To learn more about our dedicated servers and how we can help you with your specific needs, contact us at sales[at]ioflood.com or visit our website at https://ioflood.com. Our team is ready to answer your questions and help you find the best server for your needs.